dm: Use dm.h header when driver mode is used

This header includes things that are needed to make driver build. Adjust
existing users to include that always, even if other dm/ includes are
present

S

dm: Use dm.h header when driver mode is used

This header includes things that are needed to make driver build. Adjust
existing users to include that always, even if other dm/ includes are
present

Signed-off-by: Simon Glass <sjg@chromium.org>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Signed-off-by: Stefano Babic <sbabic@denx.de>

Merge git://git.denx.de/u-boot-fsl-qoriq

armv7: ls1021a: Drop macro CONFIG_LS102XA

Use CONFIG_ARCH_LS1021A instead.

Signed-off-by: York Sun <york.sun@nxp.com>

arm: ls1043ardb: Add SD secure boot target

- Add SD secure boot target for ls1043ardb.
- Implement FSL_LSCH2 specific spl_board_init() to setup CAAM stream
ID and corresponding stream ID in SMMU.

arm: ls1043ardb: Add SD secure boot target

- Add SD secure boot target for ls1043ardb.
- Implement FSL_LSCH2 specific spl_board_init() to setup CAAM stream
ID and corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main
U-Boot by SPL to also include the u-boot Secure Boot header size as
header is appended to u-boot image. So header will also be copied
from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM
(128K) where 32K are reserved for use by boot ROM and 6K for secure
boto header.
- Error messages during SPL boot are limited to error code numbers
instead of strings to reduce the size of SPL image.

Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

Merge git://git.denx.de/u-boot-fsl-qoriq

fsl: Secure Boot: Enable IE (Key extention) Feature

For validating images from uboot (Such as Kernel Image), either keys
from SoC fuses can be used or keys from a verified table of public
keys can b

fsl: Secure Boot: Enable IE (Key extention) Feature

For validating images from uboot (Such as Kernel Image), either keys
from SoC fuses can be used or keys from a verified table of public
keys can be used. The latter feature is called IE Key Extension
Feature.

For Layerscape Chasis 3 based platforms, IE table is validated by
Bootrom and address of this table is written in scratch registers 13
and 14 via PBI commands.

Following are the steps describing usage of this feature:

1) Verify IE Table in ISBC phase using keys stored in fuses.
2) Install IE table. (To be used across verification of multiple
images stored in a static global structure.)
3) Use keys from IE table, to verify further images.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

Merge git://git.denx.de/u-boot-fsl-qoriq

Signed-off-by: Tom Rini <trini@konsulko.com>

Conflicts:
include/configs/ls1021aqds.h
include/configs/ls1021atwr.h

fsl_sec_mon: Update driver for Security Monitor

Update the API's for transition of Security Monitor states. Instead
of providing both initial and final states for transition, just
provide final stat

fsl_sec_mon: Update driver for Security Monitor

Update the API's for transition of Security Monitor states. Instead
of providing both initial and final states for transition, just
provide final state for transition as Security Monitor driver will
take care of it internally.

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
[York Sun: Reformatted commit message slightly]
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Fix various typos, scattered over the code.

Spelling corrections for (among other things):

* environment
* override
* variable
* ftd (should be "fdt", for flattened device tree)
* embedded
* FTDI
*

Fix various typos, scattered over the code.

Spelling corrections for (among other things):

* environment
* override
* variable
* ftd (should be "fdt", for flattened device tree)
* embedded
* FTDI
* emulation
* controller

show more ...

Merge branch 'master' of git://git.denx.de/u-boot-fsl-qoriq

SECURE BOOT: Change fsl_secboot_validate func to pass image addr

Use a pointer to pass image address to fsl_secboot_validate(),
instead of using environmental variable "img_addr".

Signed-off-by: An

SECURE BOOT: Change fsl_secboot_validate func to pass image addr

Use a pointer to pass image address to fsl_secboot_validate(),
instead of using environmental variable "img_addr".

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

SECURE BOOT: Halt execution when secure boot fail

In case of fatal failure during secure boot execution (e.g. header
not found), reset is asserted to stop execution. If the RESET_REQ
is not tied to

SECURE BOOT: Halt execution when secure boot fail

In case of fatal failure during secure boot execution (e.g. header
not found), reset is asserted to stop execution. If the RESET_REQ
is not tied to HRESET, this allows the execution to continue.

Add esbh_halt() after the reset to make sure execution stops.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

armv8: fsl-lsch3: Add new header for secure boot

For secure boot, a header is used to identify key table, signature
and image address. A new header structure is added for lsch3.

Currently key exten

armv8: fsl-lsch3: Add new header for secure boot

For secure boot, a header is used to identify key table, signature
and image address. A new header structure is added for lsch3.

Currently key extension (IE) feature is not supported. Single key
feature is not supported. Keys must be in table format. Hence, SRK
(key table) must be present. Max key number has increase from 4 to
8. The 8th key is irrevocable. A new barker Code is used.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot-fsl-qoriq

secure_boot: change error handler for esbc_validate

In case of error while executing esbc_validate command, SNVS
transition and issue of reset is required only for secure-boot.
If boot mode is non-s

secure_boot: change error handler for esbc_validate

In case of error while executing esbc_validate command, SNVS
transition and issue of reset is required only for secure-boot.
If boot mode is non-secure, this is not required.

Similarly, esbc_halt command which puts the core in Spin Loop
is applicable only for Secure Boot.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

SECURE BOOT: support for validation of dynamic image

Some images to be validated are relocated to a dynamic
address at run time. So, these addresses cannot be known
befor hand while signing the imag

SECURE BOOT: support for validation of dynamic image

Some images to be validated are relocated to a dynamic
address at run time. So, these addresses cannot be known
befor hand while signing the images and creating the header
offline.
So, support is required to pass the image address to the
validate function as an argument.
If an address is provided to the function, the address
field in Header is not read and is treated as a reserved
field.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

SECURE BOOT: separate function created for signature

The code for image hash calculation, hash calculation from
RSA signature and comparison of hashes has been mobed to a
separate function.

Signed-

SECURE BOOT: separate function created for signature

The code for image hash calculation, hash calculation from
RSA signature and comparison of hashes has been mobed to a
separate function.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

SECURE BOOT: separate functions for reading keys

Separate functions are created for reading and checking the
sanity of Public keys:
- read_validate_single_key
- read_validate_ie_tbl
- read_validate_

SECURE BOOT: separate functions for reading keys

Separate functions are created for reading and checking the
sanity of Public keys:
- read_validate_single_key
- read_validate_ie_tbl
- read_validate_srk_table

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

SECURE BOOT: change prototype of fsl_secboot_validate function

The prototype and defination of function fsl_secboot_validate
has been changed to support calling this function from another
function w

SECURE BOOT: change prototype of fsl_secboot_validate function

The prototype and defination of function fsl_secboot_validate
has been changed to support calling this function from another
function within u-boot.
Only two aruments needed:
1) header address - Mandatory
2) SHA256 string - optional

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot-fsl-qoriq

armv8/ls1043ardb: add SECURE BOOT target for NOR

LS1043ARDB Secure Boot Target from NOR has been added.
- Configs defined to enable esbc_validate.
- ESBC Address in header is made 64 bit.
- SMMU is

armv8/ls1043ardb: add SECURE BOOT target for NOR

LS1043ARDB Secure Boot Target from NOR has been added.
- Configs defined to enable esbc_validate.
- ESBC Address in header is made 64 bit.
- SMMU is re-configured in Bypass mode.

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>

show more ...

Merge git://git.denx.de/u-boot

Merge branch 'master' of git://git.denx.de/u-boot-fsl-qoriq